Otto
Advanced
- Joined
- 22.09.20
- Messages
- 107
- Reaction score
- 380
- Points
- 63
The attackers tricked employees of USCellular retail stores into downloading malware to their computers.
Mobile operator USCellular was the victim of a data leak after attackers gained access to its customer relationship management (CRM) system.
According to a security incident notice filed with the Vermont Attorney General's Office, the attackers tricked employees of USCellular retail stores into downloading malware to their computers.
"On January 6, 2021, we discovered a data security incident that resulted in unauthorized persons being able to access your wireless user account and wireless phone number. Several employees of retail stores were successfully deceived by unauthorized persons and downloaded the software to the store's computer. Since the employee was already logged into the retail management system ("CRM"), the downloaded software allowed an unauthorized person to remotely access the store's computer and log into the CRM system under the employee's credentials," USCellular explains in the notice.
According to the telecom operator, the attack occurred on January 4, 2021. It is not clear from the notification how many customers were affected by the incident, and how the attackers were able to deceive employees (using a phishing email or other method).
When viewing USCellular customer accounts in the CRM system, attackers could see their names, addresses, PINS, cell phone numbers, data plans, and billing and usage reports. Social security numbers and bank card details were not visible to cybercriminals, the operator said.
After learning about the attack, USCellular isolated the infected computer and reset the user passwords. The operator has also reset the pins and security questions/answers, which can be set up again by contacting USCellular.
Mobile operator USCellular was the victim of a data leak after attackers gained access to its customer relationship management (CRM) system.
According to a security incident notice filed with the Vermont Attorney General's Office, the attackers tricked employees of USCellular retail stores into downloading malware to their computers.
"On January 6, 2021, we discovered a data security incident that resulted in unauthorized persons being able to access your wireless user account and wireless phone number. Several employees of retail stores were successfully deceived by unauthorized persons and downloaded the software to the store's computer. Since the employee was already logged into the retail management system ("CRM"), the downloaded software allowed an unauthorized person to remotely access the store's computer and log into the CRM system under the employee's credentials," USCellular explains in the notice.
According to the telecom operator, the attack occurred on January 4, 2021. It is not clear from the notification how many customers were affected by the incident, and how the attackers were able to deceive employees (using a phishing email or other method).
When viewing USCellular customer accounts in the CRM system, attackers could see their names, addresses, PINS, cell phone numbers, data plans, and billing and usage reports. Social security numbers and bank card details were not visible to cybercriminals, the operator said.
After learning about the attack, USCellular isolated the infected computer and reset the user passwords. The operator has also reset the pins and security questions/answers, which can be set up again by contacting USCellular.